Zetta Blog

Top 5 Data Protection Incidents of 2015

by Maggie Getova

Jan 14, 2016

Data protection was a big topic of discussion in 2015, and will certainly continue being one in 2016 and beyond. From security breaches to natural disasters, 2015 was full of reminders and valuable lessons around the importance of keeping data secure – and the far-reaching consequences of failing to do so.

1. The Google Data Loss Incident – When Lightning Strikes

Back in August, a lightning storm hit a local utility grid four times near one of Google’s data centers in Belgium. According to the incident report put out by Google, less than 0.000001% of permanent disk space was lost – and customers did not lose data because it was replicated across multiple servers.

The report may sound as if the impact of the data loss was minimal, but some companies did experience negative consequences. For example, French startup Azendo actually experienced 12 hours’ worth of downtime. There is a happy ending to the story though: they fully recovered the data that had been lost, since they had previously backed it up to a different center. Many small businesses and startups can’t afford to be without their data for very long, so Azendo was lucky that the incident was as short as it was – and that they had the other backups.

The Google data loss incident showed us that even a tech giant like Google can be impacted by a disaster, so having regularly scheduled backups and multiple ways to store data is essential to keeping business running.

The breach serves as a reminder that any time humans are responsible for anything, errors are almost inevitable – and people are the biggest cause of data loss after all. And when critical data is added to the mix, the stakes and consequences can be major. Which brings us to…

While this should certainly serve as another blaring reminder that human error can cause a lot of damage when it comes to handling large volumes of sensitive data, it also shows how critical security is in these kinds of institutions. Employees in the healthcare industry and elsewhere are in need of more training on maintaining strict security measures and how they can help prevent these kinds of attacks in the future.

4. The Hillary Clinton Email Scandal – The Backup Retention Question

For a good few months, discussions of the Clinton email “scandal” were impossible to avoid. In March it was reported that Clinton had used a private email account for government/business related emails, and eventually it was discovered that she had used her own email server rather than a third-party provider’s. Clinton had apparently deleted over 30,000 emails and the FBI seized the backups for investigation. The appliance the emails were on was actually still backing up to the cloud up until 2015, which came as a surprise to Clinton’s team. This drew a lot of attention to the backup company’s data retention policies and where backups were actually stored at different points in time.

Politics aside, IT managers have a lot to take away from what happened in this case, especially when it comes to backup retention. In real life, backup providers are much more likely to run into issues for not retaining data long enough rather than too long. Either way, both the provider and the client need to be aware of exactly how long backups are expected to be stored. In addition, being able to relay where data is backed up at any point in time is a must, and even more important when it comes to sensitive data. Despite the issues Clinton is facing for having her data backed up to the cloud, for most people offsite backup is a good thing because it ensures that data is kept safe at all times in case a disaster strikes the on-site backup location.

5. Ashley Madison – When Hackers Attack

The Ashley Madison breach occurred in July, and its effects are still ongoing in 2016. In case you’ve been living under a rock, Ashley Madison is a website created for cheating spouses. Hackers infiltrated its parent company, Avid Life Media Inc., and released the names, home addresses, and other personal information of 32 million Ashley Madison customers. The CEO stepped down due to the scandal, and multiple lawsuits have been filed against the company since. Spammers also attempted to blackmail victims of the breach, demanding bitcoin in exchange for not making the information public.

There are a number of lessons to take away from these unfortunate events, and it’s not just that adultery is a bad idea. Ensuring and actually testing your organization’s security is a must to prevent something like this from happening, as well as having a clear plan of what to do in case such a breach occurs. A number of the people registered to the website had also used their business emails, so paying close attention to online employee activity and watching out for red flags could help prevent a similar incident in your organization. And last but not least, take a closer look at the security level of any third-party services your company uses. If they have access to employee emails, passwords and any other vital data, they should be able to demonstrate their security measures.

On a different level, the scandal and many others like it should help us all remember the unspoken rule of being a member of the Internet – user discretion advised. In other words, anything that goes on the Internet has the potential to become public information. Acting accordingly can prevent a lot of headaches and lawsuits.